News Security

Critical 7-Zip Vulnerability Allows Attackers to Bypass Windows Security Features

/ by Corentin C | Leave a comment

7-zip-7z-file-archiver-data-compression

7-Zip Users Urged to Update Immediately to Fix High-Severity Vulnerability

A recently discovered vulnerability in the popular open-source file archiver 7-Zip exposes users to significant security risks by allowing attackers to bypass the Windows Mark of the Web (MotW) security feature. This vulnerability, tracked as CVE-2025-0411, has been addressed in version 24.09 of 7-Zip, but many users remain at risk if they do not update promptly.

Understanding the Threat

Mark of the Web (MotW) is a critical Windows security feature that flags files downloaded from the internet or other untrusted sources. This flag restricts how these files can be executed, helping to prevent accidental malware infections. For instance, MotW can trigger warning messages when risky files are opened or cause Microsoft Office to open documents in Protected View.

However, the flaw in 7-Zip allows attackers to bypass this safeguard. The vulnerability stems from 7-Zip’s failure to propagate the MotW flag when extracting files from nested archives, leaving users exposed to potential malware execution.

According to an advisory from the Trend Micro Zero Day Initiative (ZDI):

“This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.”

Exploiting the Vulnerability

Threat actors can exploit this flaw by crafting malicious archives. If a user extracts files from these archives using a vulnerable version of 7-Zip, the extracted files will lack the MotW flag, enabling malware execution without security warnings.

Such attacks typically involve social engineering tactics, such as tricking users into downloading archives from phishing emails, malicious websites, or fake software download links.

Mitigation: Update to 7-Zip Version 24.09

Igor Pavlov, the developer of 7-Zip, patched the vulnerability on November 30, 2024, with the release of version 24.09. The update ensures that MotW flags are correctly propagated, even for files extracted from nested archives.

As highlighted in the release notes:

“7-Zip File Manager didn’t propagate Zone.Identifier stream for extracted files from nested archives (if there is open archive inside another open archive).”

Important Note: 7-Zip does not include an auto-update feature, meaning users must manually download and install the latest version from the official 7-Zip website or from ToolsLib download page.

Risks of Not Updating

Users who continue to use outdated versions of 7-Zip are highly susceptible to exploitation. Malware operators have historically exploited similar vulnerabilities to deploy malicious payloads, such as:

  1. DarkGate Malware: Leveraged a MotW bypass (CVE-2024-38213) to install disguised malware on victims’ systems.
  2. DarkMe RAT: Distributed via MotW bypass vulnerabilities (CVE-2024-21412) to target stock trading forums and Telegram channels.

These incidents underscore the importance of promptly addressing security flaws like CVE-2025-0411.

What Should You Do?

  1. Update Immediately: If you use 7-Zip, download version 24.09 or later from the official website.
  2. Verify Downloads: Always ensure you download software from trusted sources.
  3. Be Cautious with Archives: Avoid extracting files from untrusted or suspicious sources, especially if you haven’t updated 7-Zip.
  4. Enable Security Features: Keep your operating system and antivirus software up to date to provide additional layers of protection.

Conclusion

The CVE-2025-0411 vulnerability highlights the evolving strategies of threat actors and the critical need for timely software updates. While 7-Zip remains a valuable tool for millions of users, it is imperative to stay informed and vigilant about security risks. By updating to version 24.09, users can protect themselves from potential attacks exploiting this flaw.

Stay safe, and ensure your software is always up to date!

7-Zip Official Website

Stay Updated with ToolsLib! 🚀
Join our community to receive the latest cybersecurity tips, software updates, and exclusive insights straight to your inbox!

Tagged

You might also like

deepseek website

DeepSeek-R1: A Revolutionary AI Model Shaking Up the Industry

DeepSeek-R1 is revolutionizing AI with its cutting-edge capabilities and unbeatable cost efficiency. Rivaling OpenAI’s o1 model, this open-source innovation delivers advanced performance in mathematics, code generation, and human-like reasoning, all while being 27 times more affordable.

Read more »

Crypto Wallet

Guide: How to Secure Your Crypto Wallet

Your crypto wallet is the key to your digital assets, making its security vital. This guide covers the best practices for protecting your wallet, from strong passwords to hardware wallets, and avoiding common mistakes. Stay safe in the world of cryptocurrencies!

Read more »

windows 11

Enforcing Windows Updates on Windows 11: What You Need to Know About the 24H2 Update

Windows 11's 24H2 update is now mandatory for all eligible users, bringing exciting features like Wi-Fi 7 compatibility and improved energy management. However, with long installation times and potential software issues, preparation is key. Find out how to schedule updates, set active hours, and avoid surprises in our guide.

Read more »

tiktok us ban

TikTok Banned in the United States: What It Means for Users and Social Media Landscape

The TikTok ban in the United States has left millions of users without access, raising questions about data privacy and national security. Discover the reasons behind the ban, the implications for users, and how this decision is reshaping the social media landscape.

Read more »

openai-chatgpt

Introducing Scheduled Tasks in ChatGPT: A Game-Changer for Automation (Beta)

ChatGPT introduces Scheduled Tasks, a new beta feature that revolutionizes automation. Whether you need daily briefings, reminders, or task management, this tool enables ChatGPT to run prompts and assist proactively, even while you're offline. Ideal for boosting productivity and simplifying routines!

Read more »

microsoft-patch-tuesday

January 2025 Windows Update: Key Highlights from Patch Tuesday

The January 2025 Windows Update brings cumulative updates KB5050009 and KB5050021, enhancing security and addressing critical issues. Explore the changes, known bugs, and tips for smooth installation.

Read more »

Critical Windows Vulnerability – PoC for CVE-2024-43452 Now Available

A new PoC exploit for CVE-2024-43452 affects Windows 11 23H2, allowing attackers to escalate privileges to SYSTEM level through malicious SMB responses. This flaw, discovered by Google Project Zero, exposes serious risks, and Microsoft has already addressed it in the November 2024 updates. Apply the patch immediately and follow best practices to secure your systems.

Read more »

High-Severity Vulnerability Found in Dell SupportAssist: CVE-2024-52535

A newly disclosed vulnerability, CVE-2024-52535, in Dell SupportAssist could allow attackers to escalate privileges and delete critical files. Affecting both Home and Business PC versions, this high-severity flaw highlights the importance of updating to the latest software versions. Find out how to mitigate this risk effectively.

Read more »

Beware of Malicious ZIP Files: How to Stay Safe

Malicious ZIP files are often used in cyberattacks to deliver harmful malware. This article explores how these files work, common disguise techniques, and practical tips to help you recognize and prevent these threats.

Read more »

The Top 5 Cyber-Attacks of 2024: Lessons Learned and Future Steps

2024 witnessed a surge in sophisticated cyber-attacks across industries. From healthcare disruptions to software supply chain vulnerabilities, these incidents underscore the urgent need for stronger cybersecurity measures. Explore the top five attacks and the lessons they teach us.

Read more »

What Is End-to-End Encryption Messaging and Why You Should Use It

End-to-end encryption (E2EE) ensures your messages remain private and secure, accessible only to you and the recipient. In this post, we explore how E2EE works, its advantages and limitations, and the best apps for safeguarding your communication. Stay protected in the digital world!

Read more »

windows 11

Windows 11 24H2 Update: New Features, Bugs, and a Critical Security Vulnerability

The Windows 11 24H2 update introduces exciting new features but comes with notable bugs and a severe security vulnerability. Learn how to stay protected while exploring the latest enhancements.

Read more »

To top

Table of Contents

Index
×